Merge branch '37127-switch-from-startupProbe-to-livenessProbe-in-waf' into 'master'

Switch from startupProbe to livenessProbe in Modsecurity

See merge request gitlab-org/gitlab!28942

app/models/clusters/applications/ingress.rb

@@ -30,7 +30,6 @@ module Clusters
       enum modsecurity_mode: { logging: 0, blocking: 1 }
 
       FETCH_IP_ADDRESS_DELAY = 30.seconds
-      MODSEC_SIDECAR_INITIAL_DELAY_SECONDS = 10
 
       state_machine :status do
         after_transition any => [:installed] do |application|
@@ -108,11 +107,13 @@ module Clusters
                     "readOnly" => true
                   }
                 ],
-                "startupProbe" => {
+                "livenessProbe" => {
                   "exec" => {
-                    "command" => ["ls", "/var/log/modsec"]
-                  },
-                  "initialDelaySeconds" => MODSEC_SIDECAR_INITIAL_DELAY_SECONDS
+                    "command" => [
+                      "ls",
+                      "/var/log/modsec/audit.log"
+                    ]
+                  }
                 }
               }
             ],

spec/models/clusters/applications/ingress_spec.rb

@@ -219,6 +219,12 @@ describe Clusters::Applications::Ingress do
 
         expect(subject.values).to include('extraContainers')
       end
+
+      it 'includes livenessProbe for modsecurity sidecar container' do
+        probe_config = YAML.safe_load(subject.values).dig('controller', 'extraContainers', 0, 'livenessProbe')
+
+        expect(probe_config).to eq('exec' => { 'command' => ['ls', '/var/log/modsec/audit.log'] })
+      end
     end
 
     context 'when modsecurity_enabled is disabled' do